589819 – [abrt] crash in wpa_supplicant-1:0.6.8-8.fc13: Process /usr/sbin/wpa_supplicant was killed by signal 11 (SIGSEGV)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 589819 - [abrt] crash in wpa_supplicant-1:0.6.8-8.fc13: Process /usr/sbin/wpa_supplicant was killed by signal 11 (SIGSEGV)

Summary: [abrt] crash in wpa_supplicant-1:0.6.8-8.fc13: Process /usr/sbin/wpa_supplica...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	wpa_supplicant
Sub Component:
Version:	6.0
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Dan Williams
QA Contact:	desktop-bugs@redhat.com
Docs Contact:
URL:
Whiteboard:	abrt_hash:a2204c74184b289bb94103a1376...
Depends On:	589507
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-07 01:17 UTC by Dan Williams
Modified:	2010-11-12 13:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:	wpa_supplicant-0.6.8-10.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	589507
Environment:
Last Closed:	2010-11-12 13:44:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Dan Williams 2010-05-07 01:17:47 UTC

+++ This bug was initially created as a clone of Bug #589507 +++

abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -B -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
component: wpa_supplicant
executable: /usr/sbin/wpa_supplicant
global_uuid: a2204c74184b289bb94103a13762bdd2115b01b2
kernel: 2.6.33.3-72.fc13.i686.PAE
package: wpa_supplicant-1:0.6.8-8.fc13
rating: 3
reason: Process /usr/sbin/wpa_supplicant was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
How to reproduce: I was playing around with NetworkManager and starting and stopping things. But nothing that justifies a sig11.

--- Additional comment from mads on 2010-05-06 06:52:34 EDT ---

abrt failed to attach the stacktrace - probably because of bug 589511

[New Thread 28072]
Core was generated by `/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -B -u -f /v'.
Program terminated with signal 11, Segmentation fault.
#0  0x0b000065 in ?? ()

Thread 1 (Thread 28072):
#0  0x0b000065 in ?? ()
No symbol table info available.
#1  0x0807fef3 in wpa_drv_disassociate (eloop_ctx=<value optimized out>, 
    timeout_ctx=<value optimized out>) at wpa_supplicant_i.h:588
No locals.
#2  wpa_disconnect_spam_handle (eloop_ctx=<value optimized out>, 
    timeout_ctx=<value optimized out>) at wpa_supplicant.c:477
        wpa_s = 0x84fe0b8
        bssid = "\377\377\377\377\377\377"
        __FUNCTION__ = "wpa_disconnect_spam_handle"
#3  0x08051ce1 in eloop_run () at ../src/utils/eloop.c:496
        tmp = <value optimized out>
        efds = <value optimized out>
        res = 0
        _tv = {tv_sec = 0, tv_usec = 0}
        now = {sec = 1273136928, usec = 728426}
#4  0x0807fd66 in wpa_supplicant_run (global=<value optimized out>)
    at wpa_supplicant.c:2179
        wpa_s = <value optimized out>
#5  0x08087ace in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:253
        c = <value optimized out>
        i = <value optimized out>
        ifaces = <value optimized out>
        iface = <value optimized out>
        exitcode = <value optimized out>
        params = {daemonize = 1, wait_for_monitor = 0, 
          pid_file = 0x84fb028 "/var/run/wpa_supplicant.pid", 
          wpa_debug_level = 2, wpa_debug_show_keys = 0, 
          wpa_debug_timestamp = 0, ctrl_interface = 0x0, 
          dbus_ctrl_interface = 1, 
          wpa_debug_file_path = 0xbfde4f26 "/var/log/wpa_supplicant.log"}
From        To          Syms Read   Shared Object Library
0x0451fdc0  0x045573f8  Yes         /usr/lib/libssl.so.10
0x0413ee80  0x04221fd8  Yes         /usr/lib/libcrypto.so.10
0x004cba60  0x004cca88  Yes         /lib/libdl.so.2
0x009db220  0x00a07578  Yes         /lib/libdbus-1.so.3
0x004b25e0  0x004be568  Yes         /lib/libpthread.so.0
0x004e8880  0x004ec6b8  Yes         /lib/librt.so.1
0x0030aaa0  0x0042a554  Yes         /lib/libc.so.6
0x04420750  0x044423b8  Yes         /lib/libgssapi_krb5.so.2
0x00d2fe50  0x00d92ea8  Yes         /lib/libkrb5.so.3
0x00d1cd10  0x00d1d938  Yes         /lib/libcom_err.so.2
0x0444f7f0  0x0446a208  Yes         /lib/libk5crypto.so.3
0x00616650  0x00624f58  Yes         /lib/libresolv.so.2
0x004d3620  0x004de8e8  Yes         /lib/libz.so.1
0x002d2830  0x002ea37f  Yes         /lib/ld-linux.so.2
0x00de2c60  0x00de7238  Yes         /lib/libkrb5support.so.0
0x00ddc860  0x00ddcfc8  Yes         /lib/libkeyutils.so.1
0x005f8190  0x006093b8  Yes         /lib/libselinux.so.1
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
eax            0xb000065	184549477
ecx            0x0	0
edx            0x850ed68	139521384
ebx            0x84fe0b8	139452600
esp            0xbfde369c	0xbfde369c
ebp            0xbfde36c8	0xbfde36c8
esi            0x84fddd8	139451864
edi            0x0	0
eip            0xb000065	0xb000065
eflags         0x210206	[ PF IF RF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
No function contains program counter for selected frame.

--- Additional comment from mads on 2010-05-06 08:11:44 EDT ---

Package: wpa_supplicant-1:0.6.8-8.fc13
Architecture: i686
OS Release: Fedora release 13 (Goddard)


How to reproduce
-----
I was playing around with NetworkManager and starting and stopping things. But nothing that justifies a sig11.

Comment 1 Dan Williams 2010-05-07 01:19:35 UTC

While the impact of this crash is not huge, this fix is pretty obvious and worth getting into RHEL6 I believe.

Comment 2 Dan Williams 2010-05-07 01:23:58 UTC

Fix is to ensure the timeout gets removed when the interface goes away in wpa_supplicant-0.6.8-handle-driver-disconnect-spam.patch so that it doesn't get fired after the wpa_supplicant structure is deallocated and thus try to access invalid memory.

diff -up wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c.disconnect-spam wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c
--- wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c.disconnect-spam        2010-05-06 18:10:51.340288662 -0700
+++ wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant.c        2010-05-06 18:12:06.090413976 -0700
@@ -382,6 +382,9 @@ static void wpa_supplicant_cleanup(struc
        wpa_supplicant_cancel_scan(wpa_s);
        wpa_supplicant_cancel_auth_timeout(wpa_s);
 
+       if (eloop_is_timeout_registered(wpa_disconnect_spam_handle, wpa_s, NULL))
+               eloop_cancel_timeout(wpa_disconnect_spam_handle, wpa_s, NULL);
+
        ieee80211_sta_deinit(wpa_s);
 
        wpas_wps_deinit(wpa_s);

Comment 3 RHEL Program Management 2010-05-07 01:33:42 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 6 Dan Williams 2010-07-12 22:20:43 UTC

Requesting exception; fix is easy and low-risk, and has been present in Fedora for quite a while.

Comment 9 Dan Williams 2010-07-14 15:21:06 UTC

Fixed in May

Comment 11 Vladimir Benes 2010-11-12 09:22:58 UTC

cannot see any related crashes any more
-> VERIFIED

Comment 12 releng-rhel@redhat.com 2010-11-12 13:44:45 UTC

Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.